Path Traversal Vulnerability in TeamCity Allows Limited Admin Actions
CVE-2024-27199

7.3 HIGH

Key Information:

Vendor: JetBrains
Status: Vendor
CVE Published: 4 March 2024

Summary

JetBrains TeamCity versions prior to 2023.11.4 are susceptible to a path traversal vulnerability that enables unauthorized users to execute limited administrative actions. The flaw could allow attackers to exploit the system's structure, leading to the execution of unintended commands and unauthorized access. Remote exploitation may allow attackers to navigate beyond restricted directories, posing risks to sensitive data and configurations. Updating to the latest version is important to safeguard against unauthorized access and maintain system integrity.

Affected Version(s)

TeamCity 0 < 2023.11.4

News Articles

JetBrains patches new TeamCity authentication bypass bugs

TeamCity servers risk being exposed to “complete compromise” if patch isn’t installed, researchers warned.

PravinKarthik

Read all of the posts by PravinKarthik on TheCyberThrone

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
